Risks

Prevalence

Common

Exploitability

Moderate

Impact

Devastating

If an attacker discovers a directory traversal vulnerability, it is only a matter
of time before they compromise your system. An experienced attacker will have
seen a similar technology stack, and will have a playbook of things to try next.

If your site is indexed on Google, and you have URLs that pass file names
in the query string, you are likely advertising a potential vulnerability
to attackers. Hackers often use search engines to locate likely targets,
and will search for tell-tale URLs. Try searching Google for
site:<yourdomain.com> inurl:file= to see if any results get returned!